
CompTIA (CS0-002) Exam Questions and Answers, page 4

An organization recently discovered a malware sample on an internal server. IoCs showed the malware sample was running on port 27573. The incident response team successfully removed the malware from the server, but the organization is now concerned about other instances of the malware being installed on another server. The following network traffic was captured after the known malware was assumed to be eradicated:


Which of the following can the organization conclude?
Cyber Incident Response Cybersecurity Tool Sets
A threat intelligence analyst has received multiple reports that are suspected to be about the same advanced persistent threat. To which of the following steps in the intelligence cycle would this map?
Threat Management
A Chief Information Security Officer (CISO) is concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns?
Threat Management Compliance and Assessment
While preparing for an audit of information security controls in the environment, an analyst outlines a framework control that has the following requirements:
• All sensitive data must be classified.
• All sensitive data must be purged on a quarterly basis.
• Certificates of disposal must remain on file for at least three years.

This framework control is MOST likely classified as:
Compliance and Assessment
A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?
Security Architecture and Tool Sets Compliance and Assessment
A general contractor has a list of contract documents containing critical business data that are stored at a public cloud provider. The organization's security analyst recently reviewed some of the storage containers and discovered most of the containers are not encrypted. Which of the following configurations will provide the MOST security to resolve the vulnerability?
Threat Management Cybersecurity Tool Sets
A developer wrote a script to make names and other PII data unidentifiable before loading a database export into the testing system. Which of the following describes the type of control that is being used?
Cybersecurity Tool Sets Compliance and Assessment
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output:


Which of the following commands should the administrator run NEXT to further analyze the compromised system?
Security Operations and Monitoring
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.

Which of the following is the BEST example of the level of sophistication this threat actor is using?
Threat Management
A security analyst is reviewing the following log entries to identify anomalous activity:


Which of the following attack types is occurring?
Security Operations and Monitoring